Alarming as this may sound, CEO fraud emails have become more common in recent times. Scams like these are often well-crafted and may sound legitimate, and they target employees who may not be too savvy about how the organization works. For this reason, employee education is of utmost importance to combat this type of fraud and, when possible, mitigate risks and losses.
CEO fraud email campaigns are also known as business email compromise attacks. Fake emails that appear to come from the CEO are designed to con accounting staff into believing they have received a legitimate order to schedule and approve fraudulent wire transfers.
Oftentimes, otherwise diligent employees are tricked into thinking that an emergency fund transfer has to be made, so they are more apt to bypass basic security measures. If an employee receives the fraudulent email and thinks that approving the transfer will help the company, large sums of money can be transferred to the fake CEO's account.
Ballooning Losses to CEO Fraud
Let’s take a look at an FBI report. According to our neighbouring country’s investigative agency, business email attacks were responsible for worldwide losses of more than $1.2 billion between October 2013 and August 2015. This figure was disputed by Bank of the West deputy chief security officer David Pollino, who estimated that last year’s losses alone could easily have been more than $1 billion.
According to recent surveys, about half of businesses today are exposed to email and wire fraud. JP Morgan Chase managing director and treasury executive Nancy McDonnell was noted as saying that payments and cyber fraud schemes are growing in sophistication each year. She added that recognizing and managing these threats is crucial to protecting one’s organization. Furthermore, she shared that investing in employee education, infrastructure controls, and appropriate data-protection tools is fundamental to every business.
CEO Email Scam – Big Money for Little Effort
The reason this scam is so prevalent is that the chance of success and the potential payout for perpetrators are huge compared with the effort they put in. The fraudster (or fraudsters) simply creates an email address that mimics the CEO's address and uses it to demand funds from the organization in the guise of an urgent wire transfer for a company expense. These emails are typically embellished with company details to seem legitimate.
Sometimes the first email is followed by a few more to pressure the recipient into taking immediate action. This is why the importance of employee education can’t be discounted. An employee who has been briefed on company policies and protocols will not bypass basic security measures to give in to a seemingly legitimate demand, knowing that their superiors are aware of those protocols as well.
Employee Education Matters!
Of course, email authentication can help minimize the risks and losses, but employee education is still your best line of defense. If a mistake has been made, or the funds transfer was completed before the scam was discovered, a trained employee will also know what actions to take next, such as contacting law enforcement or the bank’s fraud department.